| Index: components/ssl_errors/error_classification.cc
|
| diff --git a/components/ssl_errors/error_classification.cc b/components/ssl_errors/error_classification.cc
|
| index 7ab390bc62adc8d5e8918e574f77f7654a99c4bf..24f3bc517e5284a9c94920977db53e1526812e9d 100644
|
| --- a/components/ssl_errors/error_classification.cc
|
| +++ b/components/ssl_errors/error_classification.cc
|
| @@ -16,6 +16,7 @@
|
| #include "base/strings/utf_string_conversions.h"
|
| #include "base/time/time.h"
|
| #include "build/build_config.h"
|
| +#include "components/network_time/network_time_tracker.h"
|
| #include "components/ssl_errors/error_info.h"
|
| #include "components/url_formatter/url_formatter.h"
|
| #include "net/base/network_change_notifier.h"
|
| @@ -119,6 +120,7 @@ base::LazyInstance<base::Time> g_testing_build_time = LAZY_INSTANCE_INITIALIZER;
|
|
|
| void RecordUMAStatistics(bool overridable,
|
| const base::Time& current_time,
|
| + const network_time::NetworkTimeTracker* network_time,
|
| const GURL& request_url,
|
| int cert_error,
|
| const net::X509Certificate& cert) {
|
| @@ -128,15 +130,28 @@ void RecordUMAStatistics(bool overridable,
|
| ssl_errors::ErrorInfo::END_OF_ENUM);
|
| switch (type) {
|
| case ssl_errors::ErrorInfo::CERT_DATE_INVALID: {
|
| - if (IsUserClockInThePast(base::Time::NowFromSystemTime())) {
|
| - RecordSSLInterstitialCause(overridable, CLOCK_PAST);
|
| - } else if (IsUserClockInTheFuture(base::Time::NowFromSystemTime())) {
|
| - RecordSSLInterstitialCause(overridable, CLOCK_FUTURE);
|
| - } else if (cert.HasExpired() &&
|
| - (current_time - cert.valid_expiry()).InDays() < 28) {
|
| - RecordSSLInterstitialCause(overridable, EXPIRED_RECENTLY);
|
| + switch (GetClockState(current_time, network_time)) {
|
| + case NETWORK_PAST:
|
| + case BUILD_PAST:
|
| + RecordSSLInterstitialCause(overridable, CLOCK_PAST);
|
| + break;
|
| + case NETWORK_FUTURE:
|
| + case BUILD_FUTURE:
|
| + RecordSSLInterstitialCause(overridable, CLOCK_FUTURE);
|
| + break;
|
| + case UNKNOWN:
|
| + // Fall through, but, would it be better to break here? Not
|
| + // sure it makes sense to record |EXPIRED_RECENTLY| in this
|
| + // case. UNKNOWN means that network time is unavailable and
|
| + // that the system clock is within a 367-day bound around
|
| + // the build time. That's a lot of slop.
|
| + case NETWORK_OK:
|
| + if (cert.HasExpired() &&
|
| + (current_time - cert.valid_expiry()).InDays() < 28) {
|
| + RecordSSLInterstitialCause(overridable, EXPIRED_RECENTLY);
|
| + }
|
| + break;
|
| }
|
| - break;
|
| }
|
| case ssl_errors::ErrorInfo::CERT_COMMON_NAME_INVALID: {
|
| std::string host_name = request_url.host();
|
| @@ -181,30 +196,33 @@ void RecordUMAStatistics(bool overridable,
|
| net::NetworkChangeNotifier::CONNECTION_LAST);
|
| }
|
|
|
| -bool IsUserClockInThePast(const base::Time& time_now) {
|
| - base::Time build_time;
|
| - if (!g_testing_build_time.Get().is_null()) {
|
| - build_time = g_testing_build_time.Get();
|
| - } else {
|
| - build_time = base::GetBuildTime();
|
| +ClockState GetClockState(
|
| + const base::Time& now_system,
|
| + const network_time::NetworkTimeTracker* network_time_tracker) {
|
| + base::Time now_network;
|
| + base::TimeDelta uncertainty;
|
| + const base::TimeDelta kNetworkTimeFudge = base::TimeDelta::FromMinutes(5);
|
| + if (network_time_tracker->GetNetworkTime(&now_network, &uncertainty)) {
|
| + if (now_system < now_network - uncertainty - kNetworkTimeFudge) {
|
| + return NETWORK_PAST;
|
| + }
|
| + if (now_system > now_network + uncertainty + kNetworkTimeFudge) {
|
| + return NETWORK_FUTURE;
|
| + }
|
| + return NETWORK_OK;
|
| }
|
|
|
| - if (time_now < build_time - base::TimeDelta::FromDays(2))
|
| - return true;
|
| - return false;
|
| -}
|
| -
|
| -bool IsUserClockInTheFuture(const base::Time& time_now) {
|
| - base::Time build_time;
|
| - if (!g_testing_build_time.Get().is_null()) {
|
| - build_time = g_testing_build_time.Get();
|
| - } else {
|
| - build_time = base::GetBuildTime();
|
| + base::Time build_time = g_testing_build_time.Get().is_null()
|
| + ? base::GetBuildTime()
|
| + : g_testing_build_time.Get();
|
| + if (now_system < build_time - base::TimeDelta::FromDays(2)) {
|
| + return BUILD_PAST;
|
| + }
|
| + if (now_system > build_time + base::TimeDelta::FromDays(365)) {
|
| + return BUILD_FUTURE;
|
| }
|
|
|
| - if (time_now > build_time + base::TimeDelta::FromDays(365))
|
| - return true;
|
| - return false;
|
| + return UNKNOWN;
|
| }
|
|
|
| void SetBuildTimeForTesting(const base::Time& testing_time) {
|
|
|
Chromium Code Reviews
Issue 1772143002:
Use network time for bad clock interstitial. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master